[issue36247] zipfile - extract truncates (existing) file when bad password provided (zip encryption weakness)

2019-03-17 Thread Ned Deily
Ned Deily added the comment: I'll leave it up to other coredevs to decide whether this is behavior that should be changed in master for the next feature release and/or whether a doc change is needed. But we are not going to change the behavior of 3.6 for sure, so I am closing PR 12242.

[issue36247] zipfile - extract truncates (existing) file when bad password provided (zip encryption weakness)

2019-03-10 Thread Cristi Fati
Cristi Fati added the comment: Hm, I assumed that a bad password will raise an exception (at some point). But if it doesn't, the destination file will be overwritten (with the messed up content), which also happens now (so, no behavior change). This is trying to make wrong passwords

[issue36247] zipfile - extract truncates (existing) file when bad password provided (zip encryption weakness)

2019-03-09 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: When you pass an incorrect password, it is not possible to guarantee that you will get an exception and the destination file will be kept unchanged. It is possible that you will get an incorrectly deciphered file without noticing. I do not think that the

[issue36247] zipfile - extract truncates (existing) file when bad password provided (zip encryption weakness)

2019-03-08 Thread Karthikeyan Singaravelan
Change by Karthikeyan Singaravelan: -- nosy: +alanmcintyre, serhiy.storchaka, twouters

[issue36247] zipfile - extract truncates (existing) file when bad password provided (zip encryption weakness)

2019-03-08 Thread Cristi Fati
Cristi Fati added the comment: Submitted: https://github.com/python/cpython/pull/12242. As a note, it applies to any Python version. -- keywords: +patch pull_requests: +12230 stage: -> patch review

[issue36247] zipfile - extract truncates (existing) file when bad password provided (zip encryption weakness)

2019-03-08 Thread Cristi Fati
New submission from Cristi Fati: The PKWARE encryption password pre-check algorithm (relying on an 8-bit value to differentiate passwords) is insanely short. Most of the wrong passwords are filtered out by the check, but some of them aren't. For the ones in the latter category, when trying to